Cyber Incident Victim: MotorCycle Holdings

MotorCycle Holdings Limited (ASX: MTO), an Australian motorcycle distributor, disclosed a data breach impacting its MOJO Motorcycles business units Sherco and Lambretta on April 1, 2024. The company confirmed an unauthorized threat actor compromised a third-party vendor’s web server hosting these branded websites. The attacker inserted malicious code into the websites, potentially exposing customer personal information including names, addresses, email addresses, and phone numbers. Additionally, the actor accessed the server storing customer responses submitted through web forms on the Sherco and Lambretta sites. MotorCycle Holdings emphasized that its internal corporate network remained secure and isolated from the compromised third-party systems, confirming no broader compromise of company platforms. The breach exclusively affected the MOJO Motorcycles division, which MotorCycle Holdings acquired in October 2022.

The company initiated individual notifications to customers whose data was confirmed as exposed, clarifying that unaffected customers would not be contacted. MotorCycle Holdings stated the incident had no operational impact and assured stakeholders that its investigation remained ongoing. No details regarding the threat actor’s identity, motivations, or potential financial losses were disclosed. Updates were pledged to customers, shareholders, and stakeholders as the investigation progressed. The breach announcement was authorized by the company’s Disclosure Committee, with Managing Director David Ahmet and CFO Nicole Spink designated as contacts for further inquiries.